summaryrefslogtreecommitdiff
path: root/www
diff options
context:
space:
mode:
authorMichael Tänzer <neo@nhng.de>2010-11-30 17:05:13 +0100
committerMichael Tänzer <neo@nhng.de>2010-11-30 17:05:13 +0100
commitab9da60f7279cec312dcedad0fe403f0aeda8a94 (patch)
tree1563be09c770e3b1d84708512176004809153361 /www
parent1ff27b7cd83f1e9f218918f5cdc3b617fd7735e3 (diff)
downloadcacert-devel-ab9da60f7279cec312dcedad0fe403f0aeda8a94.tar.gz
cacert-devel-ab9da60f7279cec312dcedad0fe403f0aeda8a94.tar.xz
cacert-devel-ab9da60f7279cec312dcedad0fe403f0aeda8a94.zip
source code taken from cacert-20101129.tar.bz2
Diffstat (limited to 'www')
-rw-r--r--www/cats/.#cats_import.php.1.2165
-rw-r--r--www/images/CAcert-logo-mono-1000.pngbin0 -> 19406 bytes
-rw-r--r--www/policy/NRPDisclaimerAndLicence.php105
-rw-r--r--www/policy/index.php2
4 files changed, 11 insertions, 261 deletions
diff --git a/www/cats/.#cats_import.php.1.2 b/www/cats/.#cats_import.php.1.2
deleted file mode 100644
index ec73b1b..0000000
--- a/www/cats/.#cats_import.php.1.2
+++ /dev/null
@@ -1,165 +0,0 @@
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2008 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
-
-// Comment (to be romeved): better to disable shot open tags in php.ini
-
-/*
- cats_import.php
-
- API for CATS to import passed tests into main CAcert database.
-*/
-
-function sanitize_string($buffer) {
- return htmlentities(utf8_decode($buffer), (int)ENQ_QUOTES);
-}
-
-define ('UNDEFINED', 'nd');
-define ('ALLOWED_IP', '72.21.48.90');
-define ('CONFIG_FILEPATH', '/www/');
-
-$remote_addr = (isset($_SERVER['REMOTE_ADDR']))?$_SERVER['REMOTE_ADDR']:UNDEFINED;
-$server_name = (isset($_SERVER['SERVER_NAME']))?$_SERVER['SERVER_NAME']:UNDEFINED;
-$https = (isset($_SERVER['HTTPS']))?$_SERVER['HTTPS']:UNDEFINED;
-$ssl_client_s_dn = (isset($_SERVER['SSL_CLIENT_S_DN']))?$_SERVER['SSL_CLIENT_S_DN']:UNDEFINED;
-
-$access = FALSE;
-
-// Access only from CATS.cacert.org with a client certificate for cats@cacert.org
-if (
- $remote_addr == ALLOWED_IP &&
- $https == 'on' &&
- // Comment (to be romeved): better to use preg_match matching the end of the line (since this is on the end of the line right?)
- // Ted: Is this specified? I don't think so, therefore I'd keep stristr
- strlen(stristr($ssl_client_s_dn, '/emailAddress=cats@cacert.org')) > 0
-) $access = TRUE;
-
-if ($access !== TRUE) {
- echo 'UNAUTHORIZED ACCESS<br>'."\r\n";
- echo 'IP: '.sanitize_string($remote_addr).'<br>'."\r\n";
- echo 'Server: '.sanitize_string($server_name).'<br>'."\r\n";
- echo 'HTTPS: '.sanitize_string($https).'<br>'."\r\n";
- echo 'Client cert: '.sanitize_string($ssl_client_s_dn).'<br>'."\r\n";
- trigger_error('Unauthorized access: ip('.$remote_addr.') server('.$server_name.') https('.$https.') cert('.$ssl_client_s_dn.')', E_USER_ERROR);
- exit();
-}
-
-// Comment (to be romeved): do you we session autostart in php.ini??
-// Ted: Sessions are quite meaningless for me since the upload protocol is stateless. Should session_start be called nevertheless?
-session_start();
-
-require_once(CONFIG_FILEPATH.'includes/mysql.php');
-
-// Comment (to be romeved): dunno the difference between stripslashes and stripcslashes
-// manual is iunclear too, please make sure there are no decoding issues
-// Ted: I just used it here because I saw it elsewhere and it seems to work. Would you prefer stripslashes?
-if (get_magic_quotes_gpc()) {
- $serial = stripcslashes($_POST['serial']);
- $root = stripcslashes($_POST['root']);
- $type = stripcslashes($_POST['type']);
- $variant = stripcslashes($_POST['variant']);
- $date = stripcslashes($_POST['date']);
-} else {
- $serial = $_POST['serial'];
- $root = $_POST['root'];
- $type = $_POST['type'];
- $variant = $_POST['variant'];
- $date = $_POST['date'];
-}
-
-// Explicitly select all those IDs so I can insert new rows if needed.
-$query = mysql_query('SELECT `id` FROM `cats_type` WHERE `type_text` = \''.mysql_real_escape_string($type).'\';');
-if (!$query) {
- echo 'Invalid query'."\r\n";
- trigger_error('Invalid query', E_USER_ERROR);
- exit();
-}
-
-if (mysql_num_rows($query) > 0) {
- $result = mysql_fetch_array($query);
- $typeID = $result['0'];
-} else {
- $query = mysql_query('INSERT INTO `cats_type` (`type_text`) VALUES (\''.mysql_real_escape_string($type).'\');');
- if (!$query) {
- echo 'Invalid query'."\r\n";
- trigger_error('Invalid query', E_USER_ERROR);
- exit();
- }
-
- $typeID = mysql_insert_id();
-}
-
-$query = mysql_query('SELECT `id` FROM `cats_variant` WHERE `type_id` = \''.(int)intval($typeID).'\' AND `test_text` = \''.mysql_real_escape_string($variant).'\';');
-if (!$query) {
- echo 'Invalid query'."\r\n";
- trigger_error('Invalid query', E_USER_ERROR);
- exit();
-}
-
-if (mysql_num_rows($query) > 0) {
- $result = mysql_fetch_array($query);
- $variantID = $result['0'];
-} else {
- $query = mysql_query('INSERT INTO `cats_variant` (`type_id`, `test_text`) VALUES (\''.(int)intval($typeID).'\', \''.mysql_real_escape_string($variant).'\');');
- if (!$query) {
- echo 'Invalid query'."\r\n";
- trigger_error('Invalid query', E_USER_ERROR);
- exit();
- }
-
- $variantID = mysql_insert_id();
-}
-
-// Now find the userid from cert serial
-$query = mysql_query('SELECT `ec`.`memid` FROM `emailcerts` AS `ec`, `root_certs` AS `rc` WHERE `ec`.`rootcert` = `rc`.`id` AND `ec`.`serial` = \''.mysql_real_escape_string($serial).'\' AND `rc`.`cert_text` = \''.mysql_real_escape_string($root).'\';');
-if (!$query) {
- echo 'Invalid query'."\r\n";
- trigger_error('Invalid query', E_USER_ERROR);
- exit();
-}
-
-if (mysql_num_rows($query) > 0) {
- $result = mysql_fetch_array($query);
- $userID = $result['0'];
-} else {
- echo 'Cannot find cert '.sanitize_string($serial).' / '.sanitize_string($root)."\r\n";
- // Let's treat this as an error, since it should not happen.
- trigger_error('Cannot find cert '.$serial.' / '.$root.'!'.mysql_error(), E_USER_ERROR);
- exit();
-}
-
-// The unique constraint on cats_passed assures that records are not stored multiply
-$query = mysql_query('INSERT INTO `cats_passed` (`user_id`, `variant_id`, `pass_date`) VALUES (\''.(int)intval($userID).'\', \''.(int)intval($variantID).'\', \''.mysql_real_escape_string($date).'\');');
-if (!$query) {
- if (mysql_errno() != 1062) { // Duplicate Entry is considered success
- echo 'Invalid query'."\r\n";
- trigger_error('Invalid query', E_USER_ERROR);
- exit();
- }
-}
-
-// Update Assurer-Flag on users table if 100 points. Should the number of points be SUM(points) or SUM(awarded)?
-$query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 1 WHERE `u`.`id` = \''.(int)intval($userID).'\' AND EXISTS(SELECT 1 FROM `cats_passed` AS `tp` WHERE `tp`.`user_id` = `u`.`id`) AND (SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` AND `expire` < now()) >= 100;'); // Challenge has been passed and non-expired points >= 100
-if (!$query) {
- echo 'Invalid query'."\r\n";
- trigger_error('Invalid query', E_USER_ERROR);
- exit();
-}
-
-echo 'OK'."\r\n";
-
-?>
diff --git a/www/images/CAcert-logo-mono-1000.png b/www/images/CAcert-logo-mono-1000.png
new file mode 100644
index 0000000..1beeb43
--- /dev/null
+++ b/www/images/CAcert-logo-mono-1000.png
Binary files differ
diff --git a/www/policy/NRPDisclaimerAndLicence.php b/www/policy/NRPDisclaimerAndLicence.php
index 6dbc647..bee8f26 100644
--- a/www/policy/NRPDisclaimerAndLicence.php
+++ b/www/policy/NRPDisclaimerAndLicence.php
@@ -1,99 +1,14 @@
-<?php
-loadem("index");
-$id = intval($id);
-//showheader(_("CAcert - Non-Related Persons - Disclaimer and Licence"));
-?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head><title>NRP-DAL was replaced by the Root Distribution License</title></head>
+<body>
<table border="1" bgcolor="#EEEEEE"><tr><td>
-<h1 align="center"> <?=_("Non-Related Persons")?> </h1>
-<h2 align="center"> <?=_("(Disclaimer and Licence)")?> </h2>
-
-
-<h2> <?=_("Definitions")?> </h2>
-
-<p>
-<?=_("This is a Disclaimer and Licence from
-<u> CAcert Inc </u>,
-the 'issuer',
-to you, the 'user',
-being a general user of the Internet.")?>
-</p>
-
-<h2> Disclaimer </h2>
-
-<p>
-<?=_("The issuer has no other agreement with you,
-and has no control nor knowledge
-as to how you intend to use the products of the issuer.
-You alone take on all of the risk and all of the
-liability of your usage.
-The issuer makes no guarantee, warranty nor promise to you.")?>
-</p>
-
-<p>
-<?=_("Therefore, to the fullest extent possible in law,
-<b>ISSUER DISCLAIMS ALL LIABILITY TO YOU</b>
-on behalf of itself and its related parties.")?>
-</p>
-
-<h2> <?=_("Licence")?> </h2>
-
-<p>
-<?=_("This licence offers you a non-exclusive, non-transferable
-'PERMISSION TO USE' certificates issued by issuer.")?>
-</p>
-
-<ul><li>
- <?=_("You may 'USE' the certificates as facilitated
- by your software. For example,
- you may construct connections, read emails,
- load code or otherwise, as facilitated by your
- software.")?>
- </li><li>
- <?=_("You may NOT RELY on any statements or claims
- made by the certificates or implied in any way.")?>
- </li><li>
- <?=_("If your software is licensed under a separate
- third party agreement, it may be permitted
- to make statements or claims based on the certificates.
- You may NOT RELY on these statements or claims.")?>
- </li><li>
- <?=_("You may NOT distribute certificates or root keys
- under this licence, nor make representation
- about them.")?>
-</li></ul>
-
-</td></tr></table>
-
-<h2> <?=_("Alternatives")?> </h2>
-
-<p>
-<?=_("If you find the terms of the above
-Non-Related Persons
-Disclaimer and Licence
-difficult or inadequate for your use, you may wish to")?>
-</p>
-
-<ul><li>
- <?=sprintf(_("As an individual,
- %sregister with issuer%s
- and enter into the user agreement.
- This is free."),"<a href='https://www.cacert.org/index.php?id=1'>","</a>")?>
- </li><li>
- <?=_("As a Third Party Distributor,
- enter into a separate third party agreement
- with issuer.")?>
- </li><li>
- <?=_("Delete issuer's roots from your software.
- Your software documentation should give
- directions and assistance for this.")?>
-</li></ul>
-
-<p>
-<?=_("These alternatives are outside the above
-Non-Related Persons Disclaimer and Licence
-and do not incorporate.")?>
-</p>
-
+The document "Non Related Persons - Disclaimer And Licence" was replaced by the Root Distribution Licence, which can be found <a href="/policy/RootDistributionLicense.php">here</a>.
+</td>
+</tr>
+</table>
+</body>
+</html>
diff --git a/www/policy/index.php b/www/policy/index.php
index 8506489..d3bfb06 100644
--- a/www/policy/index.php
+++ b/www/policy/index.php
@@ -25,7 +25,7 @@ showheader(_("CAcert - Policies"));
foreach (glob("*.php") as $filename)
{
- if($filename != "index.php")
+ if($filename != "index.php" && $filename != "NRPDisclaimerAndLicence.php")
{
echo "<li><a href='$filename'>$filename</a></li>\n";
}